mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-01-30 15:32:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

ecp_curves: Refactored mbedtls_ecp_mod_p255.

Browse Source 
This patch introduces following methods, as implemented in the
design prototype, and updates them to utilise the _core methods
available for multiplication and addition.
* `mbedtls_ecp_mod_p255()`
* `mbedtls_ecp_mod_p255_raw()`

An entry has been exposed in the `ecp_invasive.h` header
to facilitate testing.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
This commit is contained in:
Minos Galanakis 2023-05-10 15:46:47 +01:00
parent 50729eac74
commit d0292c2aca
2 changed files with 44 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
library/ecp_curves.c
View File

@ -4604,6 +4604,8 @@ int mbedtls_ecp_mod_p521_raw(mbedtls_mpi_uint *N_p, size_t N_n);
/* Additional forward declarations */ /* Additional forward declarations */
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
static int ecp_mod_p255(mbedtls_mpi *); static int ecp_mod_p255(mbedtls_mpi *);
MBEDTLS_STATIC_TESTABLE
int mbedtls_ecp_mod_p255_raw(mbedtls_mpi_uint *X, size_t X_limbs);
#endif #endif
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
static int ecp_mod_p448(mbedtls_mpi *); static int ecp_mod_p448(mbedtls_mpi *);
@ -5417,26 +5419,47 @@ int mbedtls_ecp_mod_p521_raw(mbedtls_mpi_uint *X, size_t X_limbs)
*/ */
static int ecp_mod_p255(mbedtls_mpi *N) static int ecp_mod_p255(mbedtls_mpi *N)
{ {
mbedtls_mpi_uint Mp[P255_WIDTH]; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t expected_width = 2 * ((256 + biL - 1) / biL);
MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width));
ret = mbedtls_ecp_mod_p255_raw(N->p, expected_width);
cleanup:
return ret;
}
/* Helper references for top part of N */ MBEDTLS_STATIC_TESTABLE
mbedtls_mpi_uint * const NT_p = N->p + P255_WIDTH; int mbedtls_ecp_mod_p255_raw(mbedtls_mpi_uint *X, size_t X_Limbs)
const size_t NT_n = N->n - P255_WIDTH; {
if (N->n <= P255_WIDTH) { mbedtls_mpi_uint carry[P255_WIDTH];
memset(carry, 0, sizeof(mbedtls_mpi_uint) * P255_WIDTH);
if (X_Limbs > 2*P255_WIDTH) {
X_Limbs = 2*P255_WIDTH;
} else if (X_Limbs < P255_WIDTH) {
return 0; return 0;
} }
if (NT_n > P255_WIDTH) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; /* Step 1: Reduction to P255_WIDTH limbs */
if (X_Limbs > P255_WIDTH) {
/* Helper references for top part of N */
mbedtls_mpi_uint * const NT_p = X + P255_WIDTH;
const size_t NT_n = X_Limbs - P255_WIDTH;
/* N = A0 + 38 * A1, capture carry out */
carry[0] = mbedtls_mpi_core_mla(X, P255_WIDTH, NT_p, NT_n, 38);
/* Clear top part */
memset(NT_p, 0, sizeof(mbedtls_mpi_uint) * NT_n);
} }
/* Split N as N + 2^256 M */ /* Step 2: Reduce to <p
memcpy(Mp, NT_p, sizeof(mbedtls_mpi_uint) * NT_n); * Split as A0 + 2^255*c, with c a scalar, and compute A0 + 19*c */
memset(NT_p, 0, sizeof(mbedtls_mpi_uint) * NT_n); carry[0] <<= 1;
carry[0] += (X[P255_WIDTH-1] >> (biL - 1));
carry[0] *= 19;
/* N = A0 + 38 * A1 */ /* Clear top bit */
mbedtls_mpi_core_mla(N->p, P255_WIDTH + 1, X[P255_WIDTH-1] <<= 1; X[P255_WIDTH-1] >>= 1;
Mp, NT_n, (void) mbedtls_mpi_core_add(X, X, &carry[0], P255_WIDTH);
38);
return 0; return 0;
} }

7
library/ecp_invasive.h
View File

@ -241,6 +241,13 @@ int mbedtls_ecp_mod_p256k1_raw(mbedtls_mpi_uint *X, size_t X_limbs);
#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */ #endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
MBEDTLS_STATIC_TESTABLE
int mbedtls_ecp_mod_p255_raw(mbedtls_mpi_uint *X, size_t X_limbs);
#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
MBEDTLS_STATIC_TESTABLE MBEDTLS_STATIC_TESTABLE